Security Baseline provides basic PC protection
By
Robert Vamosi
The Windows Secrets Security Baseline describes products and services that serve as a minimum safe PC configuration.
This week, I'm updating the latest findings on a set of hardware and software that should meet the needs of individual PC users, though more-advanced users and large businesses may want a more-sophisticated approach to computer defense.
It sometimes seems like we spend more time protecting our PCs than actually using them. Sadly, in the modern computer age our systems are under continuous attack. Even worse, those attacks take ever-new approaches to break into our PCs and steal our personal data.
Fortunately, you can put the odds against becoming a malware victim decidedly in your favor by taking a few relatively simple precautions. That's the purpose of the WS Security Baseline. Windows Secrets doesn't have a test lab and ordinarily doesn't test hardware, so we analyze the results of independent labs to determine which products provide a balance of security and convenience for individual PC users.
The baseline's four components are a hardware firewall that's built into your router, security software that guards against all types of malware threats, a software-update service to ensure that your applications are patched against the latest exploits, and a secure browser.
Keep in mind that the baseline is just that: the minimum precautions required to protect the average PC user. Depending on your activities and level of computer experience, your security may require added layers of protection, including encrypted data storage and transmission, PC virtualization, and parental controls.
For more information on virtualization software, see WS senior editor Gizmo Richards'
Dec. 18, 2008,
column, "Keep your Net activities away from prying eyes." Contributing editor Becky Waring offers sage advice on keeping your children safe online in her
Dec. 4, 2008,
column, "Tools let parents control their kids' PC use."
New top choice for router-based firewall
D-Link DIR-825 Xtreme N Dual Band Gigabit Router boasts an Editor's Choice from
PCMag
and high marks from other publications as well. While wireless routers are not so secure as hard-wired units, this model includes a guest feature that lets you grant friends wireless access to your network while blocking them from accessing anything on the network except the Internet.
Figure 1. D-Link's DIR-825 Xtreme N Dual Band Gigabit Router makes it easy to let friends use your wireless network securely.
Other features of the DIR-825 are device sharing via a USB port, support for 2.4-GHz and 5-GHz mixed-mode Wi-Fi, and the ability to connect a USB EV-DO card for use as a cell modem should your WAN link fail, according to PCMag. The product costs about U.S. $150 online. Visit the routers page
on D-Link's site for more information.
Security suites are simple and all-in-one
The most straightforward approach to PC security is to use a security suite — such as Symantec's Norton Internet Security or Norton 360, McAfee's Internet Security or Total Protection, and Kaspersky's Internet Security — that protects your PC from viruses, Trojans, spam, and other malware. You benefit from having to install and maintain only one application, as opposed to the best-of-breed approach to security software that requires multiple installations and updates.
Many experienced PC users prefer to pick and choose their security programs so they get just the features and interfaces they prefer. Also, security suites have a reputation for being difficult to uninstall. Most importantly, many top-rated specialty apps are free. The suites cost from $30 to $70 a year for up to three PCs.
The benefit of a security suite for a home user is convenience. Only a single product needs to be purchased, configured, and updated.
Having achieved top or first-runner-up honors from the editors of
PC World,
PCMag, Maximum PC, and other reviewers, today's consensus security-suite selection is Symantec's Norton Internet Security 2009. The program pairs excellent malware detection with a good range of features. The latest release continues to be faster and less resource-hungry than previous versions, according to
PCMag
and other testers.
If you're one of the many people who've sworn never to install a Norton or McAfee security product again, however, there are a lot of other strong contenders for security-suite top dog:
-
Maximum PC
lists ESET Smart Security as its second choice; the program matched Symantec's score of 9 out of 10. (Read Maximum PC's most recent
security-software reviews.)
-
Norton Internet Security shares its PCMag
Editors' Choice with ZoneAlarm Extreme Security. (Read recent PCMag
security-software reviews.)
-
PC World
rates G-Data Internet Security 2010 as its first choice — just ahead of Norton Internet Security — and ranks BitDefender Internet Security 2009 just behind Norton. (Read the full BitDefender
review
and all PC World
security-app reviews.)
If you choose a specialty antivirus program over a suite, you'll need to download and install a good software firewall as well. (This is in addition to the firewall built into your network hardware.) The free Comodo Internet Security combines a firewall and antivirus app; more information and a download link are on the vendor's site. An alternative is Agnitum's Outpost Firewall Free; Agnitum's site provides more information about the product.
One of the highest-rated free antivirus programs — by PC users and software reviewers alike — is Malwarebyte.org's AntiMalware, available for download from the company's site.
Update services identify unpatched applications
For novices, the free Microsoft Update service automatically patches Windows, Office, and other Microsoft programs. (The service requires Internet Explorer, which has security weaknesses of its own. However, it's extremely unlikely that any malware will make it onto the Microsoft site and attempt to infect your PC by exploiting a vulnerability in IE.)
Susan Bradley and other WS contributing editors recommend that you configure Windows' Automatic Updates service to Notify me but don't automatically download and install. Before you install any Windows updates, read Susan's twice-a-month Patch Watch column and other Windows Secrets articles to learn which patches might be risky or otherwise undesirable.
Many PC users don't trust Microsoft's opinion of what they should install, and neither of the MS programs report on patches for non-Microsoft programs. In her May 28 Top Story, Susan reviews Shavlik's Patch Google Gadget, Secunia's Online Software Inspector/Personal Software Inspector, and Belarc Advisor as alternatives to Windows Update and Microsoft Update.
The downside of using Shavlik's updater is the program's reliance on the Google Desktop program, which some analysts consider a privacy risk. If you wish to use the updater anyway, however, you'll find it on Shavlik's download page.
Secunia's OSI runs in your browser, requiring no download or installation, while PSI is a standalone program that installs on your PC. You can download PSI from Secunia's site.
If you find yourself forgetting to run either OSI or PSI after Microsoft releases updates, you can sign up for an automatic reminder. To do so, click Secunia's reminder service link and enter your e-mail address. The company will notify you whenever a new update is released.
The free Belarc Advisor utility can be downloaded from the Belarc site. The program's interface isn't too pretty, but Belarc does the job.
Use a browser that will keep you safe
Until recently, most experts agreed that the safest way to surf the Web was to use Mozilla's Firefox browser, available from the organization's download page.
At present, Secunia's Firefox 3.0.x advisory page states there's a URL spoofing issue in that version of the browser. The equivalent report for Firefox 3.5.x indicates the same unpatched vulnerability.
By comparison, Secunia's report for Google Chrome 3.x shows no advisories for that browser. Likewise, Google Chrome 2.x comes up clean in Secunia's analysis. That gives Chrome a bit of an edge over Firefox security-wise, at least for the moment.
For added safety when using Firefox, download the donationware NoScript add-on, which is available from the vendor's site. This extension automatically blocks JavaScript and Adobe media files on a site-by-site or source-by-source basis, allowing you to override the blocks as needed. NoScript can also thwart clickjacking attempts and other Web nasties. (Be sure to add WindowsSecrets.com and other trusted names to your list of sites that are permitted to use JavaScript, which is important for some Web functions.)
Windows Update and some other Microsoft services require Internet Explorer. Unfortunately, Susan Bradley hasn't yet been able to give the latest version — IE 8 — the thumbs-up for large enterprises, due to incompatibilities it has with some sites.
I recommend that you use Firefox, Chrome, or another IE alternative as your default browser and open IE only when necessary.
Having a patched copy of Internet Explorer installed, however, keeps your PC free of exploits targeting Office and other Microsoft products that use IE's HTML-rendering capabilities.
Secunia states on its IE 8 page that Microsoft has addressed only two of the four vulnerabilities found to date in the new browser. The service's report of a URL path-spoofing vulnerability was posted on Aug. 19. A "Charset Inheritance Cross-Site Scripting Vulnerability" in IE 8 remains unpatched more than two years after the problem was first discovered, according to Secunia's report. (The vulnerability also affects IE 7.)
To be sure, Firefox and other browsers periodically suffer from flaws such as IE's. But until Microsoft learns to close its browser's holes within days, as Mozilla and other browser developers do, using Firefox or another alternative to IE is still your best bet.
WS contributing editor Robert Vamosi was senior editor of CNET.com from 1999 to 2008, writing pieces such as Security Watch, the winner of the 2005 MAGGIE Award for best regularly featured Web column for consumers.
Digg
Del.icio.us
Reddit
StumbleUpon
Other
Permalink
